Description
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by bhs_team · textwebappsphp
https://www.exploit-db.com/exploits/26501
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113201260613863&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20949
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15400/
Scores
EPSS
0.0137
EPSS Percentile
80.4%
Details
Status
published
Products (1)
activecampaign/1-2-all_broadcast_email
4.07
Published
Nov 18, 2005
Tracked Since
Feb 18, 2026